package top.porchwood.jweb.mcsm.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class WebSecurityConfg extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers().frameOptions().disable();
        http.formLogin().loginPage("/login.html").loginProcessingUrl("/user/login").successForwardUrl("/user/logged").failureForwardUrl("/user/loginFailed");
        http.csrf().disable();
        var auth = http.authorizeRequests();
        auth.antMatchers("/error/**").permitAll();
        auth.antMatchers("/console.html").authenticated();
        auth.antMatchers("/*.*").permitAll();
        auth.antMatchers("/css/**").permitAll();
        auth.antMatchers("/js/**").permitAll();
        auth.antMatchers("/bootstrap/**").permitAll();
        auth.antMatchers("/struct/**").permitAll();
        auth.antMatchers("/img/user/**").permitAll();
        auth.antMatchers("/user/**").permitAll();
        auth.antMatchers("/user/index.html").authenticated();
        auth.antMatchers("/login/**").permitAll();
        auth.antMatchers("/").permitAll();
        auth.anyRequest().authenticated();
    }
    @Bean
    public PasswordEncoder getPasswordEncoder(){
        return new BCryptPasswordEncoder();
    }
}
